Pix 501 and VPN

Hi, we have a pix 501 6.3(4), a windows 2000 server. I
want to configure the pix so that when i am out of the
office i can access files(and be connected) on the
server remotely (which sits behind the pix). all the
users to access the server remotely have cisco vpn
client, nortel vpn client, and the usuall windows vpn
client. Where do i start? Links will also be
appreciated.

If you set up a VPN session from outside-in to access the server you effectively end up on the PIX=2E You then need to somehow gain access to the server=2E The preferred method would be Remote Desktop (RDP)=2E Unfortunately this is not possible on Windows 2000, only W2003=2E To set up the PIX to support this:
fixup protocol pptp 1723
!
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication chap
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto required
vpdn group PPTP-VPDN-GROUP client configuration dns X=2EX=2EX=2EX
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn username joeschmo password *********
vpdn enable outside

This allows an XP Pro PC to RDP a W2003 server which gives you what you want=2E However this doesn't support your customer's desires to access the network remotely=2E In order to use the Cisco VPN client you either need to make your PIX 501 dedicated to VPN access or obtain a Cisco VPN concentrator=2E To use the Nortel client you will need to obtain something of the sort from Nortel=2E You will also need to obtain a static IP for the outside interface of the PIX=2E

There is much more to this but I wanted to keep it short so it would all fit in the reply=2E

Configure VPN access to the PIX using the Cisco VPN client.
Utilize RDP to access the server since every version of Windows since 2k has
TS functionality built into it (either app mode which requires licensing or
Remote Admin which requires you to be a local admin on the box ) .

This gives you the ability to get at everything remotely. Now if you need to
pull the files back to your laptop you can use something like Ftp to drop
back to your laptop etc.

If you want more info and perhaps a config let me know..
You can even use IAS on the 2k Server to provide Radius functionality so yuo
utilize your windows user accounts for login credentials..

Dear Friend ,
On pix daniel must have to use static natting that preserves 1 ip address
for server only by this way port transition can be get between 1 private and
1 public ip , and daniel can use his server from any where in the world by
that public ip.
Hiren